[Figure: system diagram showing a Content Provider (22) with a Content Database, connected to a Subscriber Unit (24). Remaining reference numerals are not recoverable.]

[Figure: block diagram of Subscriber Unit 24. Labeled blocks: CPU, Processor, Cryptography Accelerator, Key Pair, Mfr. Certificate, S/W ID Reg, LOGR, Boot Log, Nonvolatile Memory, Operating System, Boot Block, Secure Storage, S/W Program(s), Key, Volatile Memory, Network Interface, Sound System, Display.]

[Figure: layout of a boot block. Labeled fields, in order: BAB, Length, Boot Block of Code, Other Data, Signature, Public Key.]

[Figure: list of stored entries. Labels, in order: Authenticated Boot Key Generator Seed; Boot Block Public Key; Boot Block Digest; Boot Block version 1.1; OS NT 5.1; SP3; Matrox Driver v1.03, digest; Creative Driver 4.01, digest.]

[Figure: flowchart for Subscriber Unit 24. Boxes, in order: Execute BAB Opcode to Set SIR and Execute Boot Block; Operation Complete and Correct? (Yes: SIR = Boot Block Identity; No: box label garbled, only "SIR" survives); Store Block Identity in Boot Log; Load Next Block; Check Validity.]

[Figure: flowchart of the exchange between Subscriber Unit 24 and Content Provider 22. Boxes, in order: Establish Secure Connection; Submit Request for Content; Receive and Analyze Request; Generate Challenge Nonce; Mint OS Certificate Containing Challenge Nonce; Send Challenge; Send OS Certificate and CPU Mfr. Certificate; Receive and Validate Both Certificates; Reject Request (on "No"). Messages shown between the two sides: Request; Challenge Nonce; OS Certificate + Mfr. Certificate. Connectors: "From Fig. 6b" and "To Fig. 6b, Step 174".]

[Figure: flowchart for Subscriber Unit 24 (steps 200 to 208). Boxes, in order: Receive Seed from OS or Application; Concatenate User Seed with Secret Key and Boot Stack Entries to Form Composite Identity; Enter Identity Into Random Number Generator and Generate Storage Key; Encrypt Content Using Storage Key; Store Encrypted Content In Memory.]